bug-1928934: fix super search fields in signature report forms (#6786)

* bug-1928934: fix super search fields in signature report forms In 9b425e5, I changed the name of the field the webapp permissions were stored in, but missed updating the signature report view. This fixes that and adds a test. * bug-1928934: fix get_fields() return value shape This returns `fields` to being a list of field names so the rest of the code that depends on it works correctly.
mozilla-services · Nov 4, 2024 · f187f7a · f187f7a
1 parent 5fab93e
commit f187f7a
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 10 deletions.
diff --git a/webapp/crashstats/documentation/jinja2/docs/supersearch/api.html b/webapp/crashstats/documentation/jinja2/docs/supersearch/api.html
@@ -92,7 +92,7 @@ <h2 id="param-_results_offset">_results_offset</h2>
 
         <p class="description">
           Use this parameter to get a large number of results instead of setting
-          an arbitraty big <code>_results_number</code> value. Run queries in a
+          an arbitrary big <code>_results_number</code> value. Run queries in a
           loop, incrementing this by the value of <code>_results_number</code>,
           and concatenate the content of the <code>hits</code> key.
         </p>
@@ -146,7 +146,7 @@ <h2 id="param-_aggs.*">_aggs.*</h2>
           run an aggregation on <code>field_1</code>, then for each bucket of
           that aggregation, it will aggregate on <code>field_2</code>, and then
           for each bucket of that sub-aggregation, it will aggregate on
-          <code>field_3</code>. Theoratically, we could have any number of
+          <code>field_3</code>. Theoretically, we could have any number of
           levels of aggregations, but in practice we only allow all "level 1"
           aggregations, and a few "level 2" and "level 3".
         </p>
@@ -300,6 +300,9 @@ <h2 id="param-{{ filter.name }}">{{ filter.name }}</h2>
               {% endfor %}
             </p>
 
+            {# NOTE(willkg): we use permissions_needed so it matches the
+            protected crash schema rather than the webapp permissions which
+            users won't understand #}
             {% if filter.permissions_needed %}
               <p class="permissions">{{ filter.permissions_needed | join(', ') }}</p>
             {% endif %}

diff --git a/webapp/crashstats/signature/tests/test_views.py b/webapp/crashstats/signature/tests/test_views.py
@@ -9,10 +9,12 @@
 
 import pyquery
 
+from django.contrib.auth.models import AnonymousUser
 from django.urls import reverse
 from django.utils.encoding import smart_str
 
 from crashstats.crashstats import models
+from crashstats.signature.views import get_fields
 from socorro.lib.libdatetime import date_to_string, utc_now
 from socorro.lib.libooid import create_new_ooid, date_from_ooid
 
@@ -661,3 +663,16 @@ def test_signature_bugzilla(self, client, db, es_helper):
             < content.find("Related Crash Signatures")
             < content.find("Bugs for <code>OOM | small</code>")
         )
+
+    def test_get_fields(self, db, user_helper):
+        # Create anonymous user and get fields
+        user = AnonymousUser()
+        fields = get_fields(user)
+        len_public_fields = len(fields)
+        assert len(fields) > 0
+
+        # Create user with protected data access, get fields, and make sure there are
+        # more of them than if the user didn't have protected data access
+        user = user_helper.create_protected_user()
+        fields = get_fields(user)
+        assert len(fields) > len_public_fields
diff --git a/webapp/crashstats/signature/views.py b/webapp/crashstats/signature/views.py
@@ -71,6 +71,24 @@ def inner(request, *args, **kwargs):
     return inner
 
 
+def get_fields(user):
+    """Retrieve super search fields this user has access to
+
+    :arg user: a Django User instance
+
+    :returns: a list of dicts with "id" and "text" keys
+
+    """
+    return sorted(
+        x["name"]
+        for x in SuperSearchFields().get().values()
+        if x["is_exposed"]
+        and x["is_returned"]
+        and user.has_perms(x["webapp_permissions_needed"])
+        and x["name"] != "signature"  # exclude the signature field
+    )
+
+
 @track_view
 @csp_update(CONNECT_SRC="analysis-output.telemetry.mozilla.org")
 @pass_validated_params
@@ -84,14 +102,7 @@ def signature_report(request, params, default_context=None):
 
     context["signature"] = signature
 
-    fields = sorted(
-        x["name"]
-        for x in SuperSearchFields().get().values()
-        if x["is_exposed"]
-        and x["is_returned"]
-        and request.user.has_perms(x["permissions_needed"])
-        and x["name"] != "signature"  # exclude the signature field
-    )
+    fields = get_fields(request.user)
     context["fields"] = [
         {"id": field, "text": field.replace("_", " ")} for field in fields
     ]